Bugtraq: by author

189 messages starting Nov 25 11 and ending Nov 28 11


0a29 40

0A29-11-1 : Cross-Site Scripting vulnerabilities in HP Network Node Manager i 9.10 0a29 40 (Nov 25)

abhijeet

[Announcement] ClubHack 2011 Hacking and Security Conference abhijeet (Nov 14)
[Announcement] ClubHack Mag Issue 22- Nov 2011 Released abhijeet (Nov 14)

advisory

Multiple vulnerabilities in Dolibarr advisory (Nov 23)
Multiple vulnerabilities in Efront advisory (Nov 02)
Multiple vulnerabilities in webERP advisory (Nov 17)
Multiple vulnerabilities in OrangeHRM advisory (Nov 30)
Sql injection in SugarCRM advisory (Nov 30)
Local file inclusion in VtigerCRM advisory (Nov 09)

Alexandr Polyakov

[DSECRG-11-031] SAP RFC EPS_DELETE_FILE - Authorisation bypass, smbrelay Alexandr Polyakov (Nov 17)
[DSECRG-11-036] SAP NetWaver Virus Scan Interface - multiple XSS Alexandr Polyakov (Nov 17)
[DSECRG-11-033] SAP Crystal Report Server pubDBLogon - Linked ХSS vulnerability Alexandr Polyakov (Nov 17)
[DSECRG-11-041] SAP NetWeaver - Authentication bypass (Verb Tampering) Alexandr Polyakov (Nov 17)
[DSECRG-11-032] SAP NetWeaver ipcpricing - information disclose Alexandr Polyakov (Nov 17)
[DSECRG-11-034] SAP NetWeaver J2EE MeSync – information disclose Alexandr Polyakov (Nov 17)
[DSECRG-11-030] SAP NetWeaver JavaMailExamples - XSS Alexandr Polyakov (Nov 17)
[DSECRG-11-039] SAP NetWeaver TH_GREP module - Code injection vulnerability (NEW) Alexandr Polyakov (Nov 17)
[DSECRG-11-038] SAP RSTXSCRP report - smb relay vulnerability Alexandr Polyakov (Nov 17)
[DSECRG-11-037] SAP BW Doc - Multiple XSS Alexandr Polyakov (Nov 17)
[DSECRG-11-040] SAP NetWeaver SPML - XML CSRF user creation Alexandr Polyakov (Nov 17)

Alex Davis

Re: Re: wordpress Lanoba Social Plugin Xss Vulnerabilities Alex Davis (Nov 29)

Alex Legler

[ GLSA 201111-01 ] Chromium, V8: Multiple vulnerabilities Alex Legler (Nov 01)
[ GLSA 201111-08 ] radvd: Multiple vulnerabilities Alex Legler (Nov 21)
[ GLSA 201111-07 ] TinTin++: Multiple vulnerabilities Alex Legler (Nov 21)
[ GLSA 201111-02 ] Oracle JRE/JDK: Multiple vulnerabilities Alex Legler (Nov 07)
[ GLSA 201111-11 ] GNU Tar: User-assisted execution of arbitrary code Alex Legler (Nov 21)
[ GLSA 201111-09 ] Perl Safe module: Arbitrary Perl code injection Alex Legler (Nov 21)
[ GLSA 201111-06 ] MaraDNS: Arbitrary code execution Alex Legler (Nov 21)
[ GLSA 201111-10 ] Evince: Multiple vulnerabilities Alex Legler (Nov 21)

Amir

Wordpress meenews 5.1 plugin Cross-Site Scripting Vulnerabilities Amir (Nov 23)
Wordpress enable-latex plugin Remote File Include Vulnerabilities Amir (Nov 23)
wordpress Flexible Custom Post Type plugin Xss Vulnerabilities Amir (Nov 17)
Wordpress flash-album-gallery plugin Cross-Site Scripting Vulnerabilities Amir (Nov 30)
wordpress Flexible Custom Post Type plugin Xss Vulnerabilities Amir (Nov 17)
Wordpress featurific-for-wordpress plugin Cross-Site Scripting Vulnerabilities Amir (Nov 23)
wordpress Lanoba Social Plugin Xss Vulnerabilities Amir (Nov 21)
Wordpress clickdesk-live-support-chat plugin Cross-Site Scripting Vulnerabilities Amir (Nov 23)
Wordpress advanced-text-widget Plugin Vulnerabilities Amir (Nov 21)
Wordpress skysa-official plugin Cross-Site Scripting Vulnerabilities Amir (Nov 28)
Wordpress alert-before-your-post Plugin Cross-Site Scripting Vulnerabilities Amir (Nov 21)
Wordpress adminimize Plugin Vulnerabilities Amir (Nov 21)
Wordpress 1-jquery-photo-gallery-slideshow-flash plugin Cross-Site Scripting Vulnerabilities Amir (Nov 30)

apa-iutcert

IBSng all version Cross-Site Scripting Vulnerability apa-iutcert (Nov 01)

Apple Product Security

APPLE-SA-2011-11-08-1 Java for Mac OS X 10.7 Update 1 and Java for Mac OS X 10.6 Update 6 Apple Product Security (Nov 09)
APPLE-SA-2011-11-10-2 Time Capsule and AirPort Base Station (802.11n) Firmware 7.6 Apple Product Security (Nov 14)
APPLE-SA-2011-11-10-1 iOS 5.0.1 Software Update Apple Product Security (Nov 14)
APPLE-SA-2011-11-14-1 iTunes 10.5.1 Apple Product Security (Nov 15)

Cisco Systems Product Security Incident Response Team

Cisco Security Advisory: Cisco TelePresence System Integrator C Series and Cisco TelePresence EX Series Device Default Root Account Manufacturing Error Cisco Systems Product Security Incident Response Team (Nov 09)
Cisco Security Advisory: Cisco Small Business SRP500 Series Command Injection Vulnerability Cisco Systems Product Security Incident Response Team (Nov 02)

Code Audit Labs

[CAL-2011-0054]Adobe Shockwave Player Director File Parsing data of rcsl chunk multiple DOS vulnerabilities Code Audit Labs (Nov 09)
[CAL-2011-0052]Adobe Shockwave Player Director File Parsing PAMM memory corruption vulnerability Code Audit Labs (Nov 09)

CORE Security Technologies Advisories

CORE-2011-0919: Apple OS X Sandbox Predefined Profiles Bypass CORE Security Technologies Advisories (Nov 14)

cxib

Multiple BSD libc/regcomp(3) Multiple Vulnerabilities cxib (Nov 04)

Daniel Roethlisberger

Insecure RSA Encryption in jCryption, PEAR Crypt_RSA and Crypt_RSA2 Daniel Roethlisberger (Nov 30)

ddivulnalert

DDIVRT-2011-33 IBM WebSphere Application Server 'help' Servlet Plug-in Bundle Directory Traversal [CVE-2011-1359] ddivulnalert (Nov 01)

demonalex

GDTelcom Speedtest ActiveX Control "FTPDownLoad Class"-ActiveX.dll Remote Denial of Service Vulnerability demonalex (Nov 01)
CmyDocument Content Management Application - XSS Vulnerabilities demonalex (Nov 03)
Oxide M0N0X1D3 HTTP Server Directory Traversal Vulnerability demonalex (Nov 29)

Dragos Ruiu

CanSecWest 2012 Mar 7-9; 2nd call for papers, closes next week, Monday.Dec 5 2011 Dragos Ruiu (Nov 30)

entomology

Cisco CUCM - Multiple Vulnerabilities entomology (Nov 08)

Fernando Gont

Implications of IPv6 on network firewalls Fernando Gont (Nov 21)
IPv6 security (slides and training) Fernando Gont (Nov 08)

Florian Weimer

[SECURITY] [DSA 2344-1] python-django-piston security update Florian Weimer (Nov 14)
[SECURITY] [DSA 2346-2] proftpd-dfsg regression fix Florian Weimer (Nov 17)
[SECURITY] [DSA 2347-1] bind9 security update Florian Weimer (Nov 17)
[SECURITY] [DSA 2346-1] proftpd-dfsg security update Florian Weimer (Nov 16)

Henri Salo

Re: wordpress Lanoba Social Plugin Xss Vulnerabilities Henri Salo (Nov 21)
Re: Multiple Cross-Site-Scripting vulnerabilities in Dolibarr 3.1.0 Henri Salo (Nov 21)
Re: XSS in Tiki Wiki CMS Groupware Henri Salo (Nov 22)
Re: jara 1.6 sql injection vulnerability Henri Salo (Nov 22)

Ivan Buetler

OWASP Academy Portal - FREE OWASP TOP 10 security challenges with Hacking-Lab Ivan Buetler (Nov 21)
New online security challenge - GotWurzel Ivan Buetler (Nov 08)

James Webb

Cross-Site Scripting Vuln in Zoho ManageEngine ADSelfServicePlus James Webb (Nov 17)

Jose Carlos de Arriba

[FOREGROUND SECURITY 2011-004] Infoblox NetMRI 6.2.1 Multiple Cross-Site Scripting (XSS) vulnerabilities Jose Carlos de Arriba (Nov 14)

Kotas, Kevin J

CA20111116-01: Security Notice for CA Directory Kotas, Kevin J (Nov 17)

Luigi Auriemma

Vulnerabilities in Siemens SIMATIC WinCC flexible 2008 SP2 Luigi Auriemma (Nov 28)
Vulnerabilities in Siemens Automation License Manager Luigi Auriemma (Nov 28)
Vulnerabilities in 3S CoDeSys 3.4 SP4 Patch 2 Luigi Auriemma (Nov 29)

maciej . kozuszek

New issue of PenTest Magazine is out - 21 pages of free content. maciej . kozuszek (Nov 30)
Debut issue of Web App Pentesting Magazine - Free Download! maciej . kozuszek (Nov 23)

Major Malfunction

DC4420 - London DEFCON - November 2011 meet - Tuesday 15th November Major Malfunction (Nov 09)

marian . ventuneac

MVSA-11-013 - EllisLab xss_clean Filter Bypass - ExpressionEngine and CodeIgniter marian . ventuneac (Nov 29)

Mark Thomas

[SECURITY] CVE-2011-3376 Apache Tomcat - Privilege Escalation via Manager app Mark Thomas (Nov 08)

Moritz Muehlenhoff

[SECURITY] [DSA 2342-1] iceape security update Moritz Muehlenhoff (Nov 10)
[SECURITY] [DSA 2341-1] iceweasel security update Moritz Muehlenhoff (Nov 09)
[SECURITY] [DSA 2338-1] moodle security update Moritz Muehlenhoff (Nov 08)
[SECURITY] [DSA 2351-1] wireshark security update Moritz Muehlenhoff (Nov 21)
[SECURITY] [DSA 2334-1] mahara security update Moritz Muehlenhoff (Nov 04)
[SECURITY] [DSA 2339-1] nss security update Moritz Muehlenhoff (Nov 08)
[SECURITY] [DSA 2352-1] puppet security update Moritz Muehlenhoff (Nov 23)
[SECURITY] [DSA 2353-1] ldns security update Moritz Muehlenhoff (Nov 25)
[SECURITY] [DSA 2350-1] freetype security update Moritz Muehlenhoff (Nov 21)
[SECURITY] [DSA 2348-1] systemtap security update Moritz Muehlenhoff (Nov 21)
[SECURITY] [DSA 2349-1] spip security update Moritz Muehlenhoff (Nov 21)

muuratsalo experimental hack lab

OrderSys <= 1.6.4 Sql Injection Vulnerabilities muuratsalo experimental hack lab (Nov 09)
Blogs manager <= 1.101 SQL Injection Vulnerability muuratsalo experimental hack lab (Nov 21)
Re: LabWiki <= 1.1 Multiple Vulnerabilities muuratsalo experimental hack lab (Nov 09)
Freelancer calendar <= 1.01 SQL Injection Vulnerability muuratsalo experimental hack lab (Nov 21)
LabStoRe <= 1.5.4 Sql Injection Vulnerabilities muuratsalo experimental hack lab (Nov 09)
Valid tiny-erp <= 1.6 SQL Injection Vulnerability muuratsalo experimental hack lab (Nov 21)
LabWiki <= 1.1 Multiple Vulnerabilities muuratsalo experimental hack lab (Nov 09)

n0b0d13s

Support Incident Tracker <= 3.65 (translate.php) Remote Code Execution Vulnerability n0b0d13s (Nov 21)
Wordpress Zingiri Web Shop Plugin <= 2.2.3 Remote Code Execution Vulnerability n0b0d13s (Nov 14)
PmWiki <= 2.2.34 (pagelist) Remote PHP Code Injection Vulnerability n0b0d13s (Nov 23)
WikkaWiki <= 1.3.2 Multiple Security Vulnerabilities n0b0d13s (Nov 30)
FreeWebshop <= 2.2.9 R2 (ajax_save_name.php) Remote Code Execution Vulnerability n0b0d13s (Nov 17)
Re: Local file inclusion in VtigerCRM n0b0d13s (Nov 10)

Netsparker Advisories

XSS Vulnerabilities in eFront Netsparker Advisories (Nov 01)
XSS and SQL Injection Vulnerabilities on Symphony CMS 2.2.3 Netsparker Advisories (Nov 01)
XSS vulnerability in Joomla 1.6.3 Netsparker Advisories (Nov 14)

Nick Freeman

Security-Assessment.com Release: Hacking Hollywood Slides, Advisories and Exploits Nick Freeman (Nov 29)

Nico Golde

[SECURITY] [DSA 2335-1] man2html security update Nico Golde (Nov 07)

nospam

Oracle Hyperion Financial Management TList6 ActiveX Control Remote Code Execution Vulnerability nospam (Nov 01)

percx

foofus.net security advisory - Lexmark Multifunction Printer Information Leakage percx (Nov 08)
Re: Re: foofus.net security advisory - Lexmark Multifunction Printer Information Leakage percx (Nov 14)

Raphael Geissert

[SECURITY] [DSA 2343-1] openssl security update Raphael Geissert (Nov 09)

Research@NGSSecure

NGS00148 Patch Notification: FFmpeg Libavcodec memory corruption remote code execution Research@NGSSecure (Nov 23)
NGS00144 Patch Notification: FFmpeg Libavcodec buffer overflow remote code execution Research@NGSSecure (Nov 23)
NGS00145 Patch Notification: FFmpeg Libavcodec out of bounds write remote code execution Research@NGSSecure (Nov 23)
NGS00042 Technical Advisory: Solaris 11 USB hub class descriptor kernel stack overflow (CVE-2011-2295) Research@NGSSecure (Nov 02)

research () vulnerability-lab com

iGuard Biometric Access Control - Multiple Vulnerabilities research () vulnerability-lab com (Nov 14)

reset557

Malware detection evasion in antivirus software reset557 (Nov 07)

Secunia Research

Secunia Research: DVR Remote ActiveX Control DVRobot Library Loading Vulnerability Secunia Research (Nov 17)

security

[ MDVSA-2011:171 ] networkmanager security (Nov 14)
[ MDVSA-2011:176-2 ] bind security (Nov 18)
[ MDVSA-2011:168 ] apache security (Nov 09)
[ MDVSA-2011:163 ] phpldapadmin security (Nov 02)
[ MDVSA-2011:177 ] freetype2 security (Nov 23)
[ MDVSA-2011:162 ] kdelibs4 security (Nov 01)
Multiple Cross-Site-Scripting vulnerabilities in Dolibarr 3.1.0 security (Nov 09)
[ MDVSA-2011:167 ] gimp security (Nov 04)
[ MDVSA-2011:164 ] wireshark security (Nov 02)
[ MDVSA-2011:168 ] apache security (Nov 09)
[ MDVSA-2011:180 ] php-suhosin security (Nov 28)
[ MDVSA-2011:166 ] php security (Nov 03)
[ MDVSA-2011:178 ] glibc security (Nov 28)
[ MDVSA-2011:174 ] graphite2 security (Nov 15)
Multiple security vulnerabilities in AShop security (Nov 09)
[ MDVSA-2011:173 ] openssl0.9.8 security (Nov 14)
[ MDVSA-2011:165 ] php security (Nov 03)
[ MDVSA-2011:175 ] poppler security (Nov 15)
[ MDVSA-2011:176-1 ] bind security (Nov 18)
[ MDVSA-2011:179 ] glibc security (Nov 28)
Tiki Wiki CMS Groupware Multiple XSS vulnerabilities security (Nov 17)
[ MDVSA-2011:172 ] libreoffice security (Nov 14)
PHP Inventory 1.3.1 Remote (Auth Bypass) SQL Injection Vulnerability security (Nov 30)
[ MDVSA-2011:176 ] bind security (Nov 17)
[ MDVSA-2011:170 ] java-1.6.0-openjdk security (Nov 14)

Security_Alert

ESA-2011-032: EMC Documentum eRoom arbitrary file upload vulnerability. Security_Alert (Nov 03)
ESA-2011-035: RSA, The Security Division of EMC, announces the release of Hotfix 6 with security updates for RSA Key Manager Appliance 2.7 Service Pack 1 Security_Alert (Nov 03)

security-alert

[security bulletin] HPSBMU02726 SSRT100685 rev.1 - HP Operations Agent and Performance Agent for AIX, HP-UX, Linux, and Solaris, Local Unauthorized Access security-alert (Nov 22)
[security bulletin] HPSBHF02706 SSRT100613 rev.1 - HP Integrated Lights-Out iLO2 and iLO3 running SSL/TLS, Denial of Service (DoS), Unauthorized Modification security-alert (Nov 08)
[security bulletin] HPSBMU02704 SSRT100619 rev.1 - HP OpenView Network Node Manager (OV NNM) Running Apache, Remote Denial of Service (DoS) security-alert (Nov 03)
[security bulletin] HPSBST02722 SSRT100279 rev.1 - HP StorageWorks P4000 Virtual SAN Appliance, Execution of Arbitrary Code security-alert (Nov 14)
[security bulletin] HPSBMU02714 SSRT100244 rev.2 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Unauthorized Disclosure of Information security-alert (Nov 14)
[security bulletin] HPSBUX02725 SSRT100627 rev.1 - HP-UX Apache Running Tomcat Servlet Engine, Remote Information Disclosure, Authentication Bypass, Cross-Site Scripting (XSS), Unauthorized Access, Denial of Service (DoS) security-alert (Nov 24)
[security bulletin] HPSBMA02659 SSRT100440 rev.2 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Unauthorized Access security-alert (Nov 10)
[security bulletin] HPSBUX02724 SSRT100650 rev.2 - HP-UX Running System Administration Manager (SAM), Local Increase in Privilege security-alert (Nov 24)
[security bulletin] HPSBOV02470 SSRT080123 rev.1 - HP TCP/IP Services for OpenVMS Running SMTP Server, Remote Denial of Service (DoS) security-alert (Nov 04)
[security bulletin] HPSBHF02721 SSRT100605 rev.1 - HP Directories Support for ProLiant Management Processors for Integrated Lights-Out iLO2 and iLO3, Unauthorized Access security-alert (Nov 14)
[security bulletin] HPSBMU02712 SSRT100649 rev.1 - HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code security-alert (Nov 01)
[security bulletin] HPSBOV02467 SSRT090152 rev.1 - HP TCP/IP Services for OpenVMS Running POP or IMAP, Remote Unauthorized Access security-alert (Nov 04)
[security bulletin] HPSBMU02708 SSRT100633 rev.1 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Cross Site Scripting (XSS) security-alert (Nov 10)
[security bulletin] HPSBOV02470 SSRT080123 rev.2 - HP TCP/IP Services for OpenVMS Running SMTP Server, Remote Denial of Service (DoS) security-alert (Nov 17)

Sergio Gelato

Re: foofus.net security advisory - Lexmark Multifunction Printer Information Leakage Sergio Gelato (Nov 10)

sschurtz

Serendipity Plugin 'Karma Ranking' Multiple Cross-Site Scripting sschurtz (Nov 03)
osCSS2 "_ID" parameter Local file inclusion sschurtz (Nov 08)
Serendipity 'serendipity[filter][bp.ALT]' Cross-Site Scripting vulnerability sschurtz (Nov 03)

tan

CVE-2011-3682: 2WIRE-SINGTEL 2701HGV-E/2700HGV-2/2700HG GATEWAY ROUTER MANAGEMENT AND DIAGNOSTIC CONSOLE VULNERABILITY tan (Nov 01)

Thijs Kinkhorst

[SECURITY] [DSA 2337-1] xen security update Thijs Kinkhorst (Nov 07)
[SECURITY] [DSA 2340-1] postgresql security update Thijs Kinkhorst (Nov 08)

Tim Sammut

[ GLSA 201111-04 ] phpDocumentor: Function call injection Tim Sammut (Nov 14)
[ GLSA 201111-05 ] Chromium, V8: Multiple vulnerabilities Tim Sammut (Nov 21)
[ GLSA 201111-03 ] OpenTTD: Multiple vulnerabilities Tim Sammut (Nov 14)

Tobias Glemser

TC-SA-2011-02: Multiple web-vulnerabilities in iTop version 1.1.181 Tobias Glemser (Nov 23)

Trustwave Advisories

TWSL2011-017: Multiple Vulnerabilities in Merethis Centreon Trustwave Advisories (Nov 08)

VMware Security Team

VMSA-2011-0014 VMware vCenter Update Manager fix for Jetty Web server addresses directory traversal vulnerability VMware Security Team (Nov 18)

Yves-Alexis Perez

[SECURITY] [DSA 2336-1] ffmpeg security update Yves-Alexis Perez (Nov 08)
[SECURITY] [DSA 2354-1] cups security update Yves-Alexis Perez (Nov 30)

ZDI Disclosures

ZDI-11-329 : InduSoft WebStudio CEServer Operation 0x15 Remote Code Execution Vulnerability ZDI Disclosures (Nov 17)
ZDI-11-332 : RealNetworks RealPlayer Malformed AAC File Parsing Remote Code Execution Vulnerability ZDI Disclosures (Nov 28)
ZDI-11-334 : RealNetworks RealPlayer genr Sample Size Parsing Remote Code Execution Vulnerability ZDI Disclosures (Nov 28)
ZDI-11-337 : RealNetworks RealPlayer RV30 Uninitialized Index Value Remote Code Execution Vulnerability ZDI Disclosures (Nov 28)
ZDI-11-331 : RealNetwork RealPlayer MPG Width Integer Underflow Remote Code Execution Vulnerability ZDI Disclosures (Nov 28)
ZDI-11-330 : InduSoft WebStudio Unauthenticated Remote Operations Remote Code Execution Vulnerability ZDI Disclosures (Nov 17)
ZDI-11-333 : RealNetworks RealPlayer ATRC Code Data Parsing Remote Code Execution Vulnerability ZDI Disclosures (Nov 28)
ZDI-11-335 : RealNetworks RealPlayer RV10 Sample Height Parsing Remote Code Execution Vulnerability ZDI Disclosures (Nov 28)
ZDI-11-336 : RealNetworks RealPlayer Invalid Codec Name Remote Code Execution Vulnerability ZDI Disclosures (Nov 28)
ZDI-11-338 : RealNetworks RealPlayer IVR MLTI Chunk Length Parsing Remote Code Execution Vulnerability ZDI Disclosures (Nov 28)